Detailed Analysis:
This email, which has the subject line ‘Price List’, claims that you can view ‘our latest price list’ by opening an attached file. The email suggests that, if you need additional information, you should contact your local ITT office. The email has an attached .zip or .rar file.

However, the email is not from any ‘ITT office’ and the attachment does not contain a price list. Unzipping the attachment will reveal a JavaScript (.js) file. If you click this file in the hope of seeing the supposed price list, the JavaScript will contact a web server and download and install malware on your computer.

Malicious Javascript attachments are being used in an ongoing series of recent malware attacks. Often, the JavaScript downloads and installs Locky ransomware. Once installed, Locky encrypts your files and then demands that you pay a ransom to cybercriminals to get an unlock key. In other cases, the JavaScript may download malware components that can steal sensitive information such as bank login credentials from the infected computer.

Details, such as the name of the sender and the attachment name, may vary in different versions of these bogus ‘Price List’ emails.

If you receive one of these emails, do not click any links or open any attachments that it contains. No legitimate entity is ever likely to send a business document such as a price list in the form of an attached JavaScript file.

Last updated: April 29, 2016
First published: April 29, 2016
By Brett M. ChristensenAbout Hoax-Slayer